The question is no longer if, but when: we will all use an AI-powered browser soon. But which one will dominate, and how quickly will that happen? For now, Chrome remains the leader on both PCs and mobile devices, while Comet stands out as the loudest pure AI browser contender. So, at this moment, it’s a showdown between the established giant and the emerging AI challenger.
When it comes to AI and web browsing, the most crucial factor is security and privacy. Your browser is your window to the world — and it also lets the world peer back in. It is, arguably, the biggest vulnerability on your phone or PC. As users gaze outward, attackers look inward.
A sobering new report from SquareX reveals alarming vulnerabilities in AI browsers, warning that attackers could exploit these platforms to steal sensitive data, distribute malware, and gain unauthorized access to enterprise SaaS applications.
Perplexity, the company behind Comet, is squarely in SquareX’s spotlight. According to their findings, “Comet was vulnerable to an OAuth attack, which allowed attackers to gain full access to the victim’s email and Google Drive accounts. This enabled the exfiltration of every file stored on those accounts, including those shared by colleagues and customers.”
But the risks don’t stop there. In a separate exploit, SquareX demonstrated how the AI browser, while performing routine tasks in a user’s inbox — a core feature promoted by Comet itself — could inadvertently send malicious links to a victim’s colleagues via calendar invites.
Similar concerns come from LayerX, which warns that “a single malicious URL — even without any overtly harmful page content — is enough to expose and steal sensitive data stored in Comet.” This attack requires nothing more than tricking a user into opening a crafted link, which could be delivered via email, a browser extension, or a compromised website.
The reality is clear: AI browsers are still in their infancy and have significant security hardening ahead. We are only beginning to understand how attackers can exploit these new platforms.
“Despite claims of being more secure,” SquareX CEO Vivek Ramachandran explains, “autonomous agents operating with full user privileges can act without human oversight and lack the security awareness and common sense even minimally trained users possess.”
Change is inevitable — and fast approaching. Venn CEO David Matalon notes, “We’re observing a notable 14% year-over-year increase in the use of novel, non-traditional browsers among remote employees and contractors, driven largely by the promise of AI-enhanced productivity.”
At the same time, Menlo Security’s Pejman Roshan offers caution. Browsers are the primary gateway for almost all digital activity. So, should users switch from trusted leaders like Chrome, Edge, or Safari to new AI browsers? It ultimately depends on individual priorities.
That choice shapes the timing of adoption. It’s coming, but deciding whether to switch now requires careful consideration of the known risks and warnings surrounding AI browsers and agents.
Between Chrome and Comet, the pressure is on Google to rethink its narrative. LayerX CEO Or Eshed believes “AI browsers will become the main interface for accessing AI technology. While still emerging, traditional browsers are already adapting.”
So, the real decision may soon dissolve into a necessity.
In response to the report, Perplexity’s Kyle Polley emphasized, “This so-called vulnerability isn’t about AI itself. It’s a classic phishing scenario where a human was tricked and asked an AI agent to execute the compromised commands — such as ‘visit this site and log in.’ The AI agent is simply following instructions. Proper enterprise security controls over login events would block both the human and agent actions. This is a 20-year-old vulnerability, not a new AI flaw.”
